CA eTrust SiteMinder Developer's Guide for Java

More documents

Recommendations

Info

Authorization ServicesSession TerminationA session is terminated in any of the following ways:■■■■After a user logs outs and the agent discards the session specificationWhen the session expiresWhen the session is revokedWhen the user account is disabledTo terminate a session, the agent must discard the session specification. Oncea session is terminated, the user must log in again to establish a new session.Authorization ServicesAgents that perform access control functions use the authorization services ofthe AgentAPI class. These services enable clients to verify a user’s rights toaccess a resource, retrieve a user’s privileges with respect to specificresources, and determine the specific access control, if any, that is imposedupon a resource.You can determine whether a resource is protected by calling the isProtected()method. This method accepts as a parameter the resource that is served bythe requesting agent and returns information about the user’s credentials.Once the user’s identity is validated, the agent calls the authorize() method todetermine if the requesting user has access to the requested resource. Agentscan perform fine-grained access control by leveraging the collection ofresponse attributes that this method retrieves.Auditing Services and Transaction TrackingAgents can keep track of and log all user activity during a session. Althoughmuch of a user’s activity is logged by the Policy Server, there are times whenit may be necessary to log authorizations done out of agent cache. Agents callthe audit() method to log such requests for resources.By generating a unique transaction id, agents can correlate access controlactivity with application activity. The transaction id can be given to both theauthorization and auditing methods so that the Policy Server would record thetransaction-specific id associated with the application activity. This can be usedfor non-repudiation.42 Developer's Guide for Java
Management ServicesManagement ServicesA management protocol exists between agents and the SiteMinder PolicyServer. This protocol helps an agent manage its caches and encryption keys ina manner consistent with both SiteMinder policies and administrative changeson the Policy Server.To request the latest agent commands, an agent calls the methoddoManagement() with MANAGEMENT_GET_AGENT_COMMANDS set in theManagementContextDef object. Typically, this call is made every n seconds bya thread running in the background. The types of agent commands that can beretrieved are cache commands and encryption commands.Cache CommandsCache commands inform the agent of any changes to its caches that may needto be made as a result of administrative updates to the Policy Server.The cache commands are:■■■■■CACHE_FLUSH_ALLCACHE_FLUSH_ALL_USERSCACHE_FLUSH_THIS_USERCACHE_FLUSH_ALL_REALMSCACHE_FLUSH_THIS_REALMEncryption CommandsEncryption commands inform the agent of new encryption keys that aregenerated administratively or automatically by the Policy Server. Agents savesecure state can use this protocol to keep track of the latest encryption keys.The encryption commands are:■■■■■AFFILIATE_KEY_UPDATEAGENT_KEY_UPDATE_NEXTAGENT_KEY_UPDATE_LASTAGENT_KEY_UPDATE_CURRENTAGENT_KEY_UPDATE_PERSISTENTChapter 3: Agent API 43
Page 2 and 3: This documentation and any related
Page 5 and 6: ContentsChapter 1: Java API Overvie
Page 7 and 8: Make Policy Management API Requests
Page 9: Set Search Parameters When You Crea
Page 12 and 13: Code SamplesCode SamplesThe SiteMin
Page 14 and 15: Policy Management APIThe SiteMinder
Page 16 and 17: How Java Components Fit TogetherHow
Page 18 and 19: Java API FlowThere are two types of
Page 20 and 21: Java API FlowIf you do not already
Page 22 and 23: Java API FlowYou might already have
Page 24 and 25: Javadoc ReferenceJavadoc ReferenceT
Page 26 and 27: Connection ClassConnection ClassYou
Page 28 and 29: Result ClassInterpret a Result Obje
Page 30 and 31: Property ClassThe core methods of t
Page 32 and 33: Agent API Class HierarchyThe Agent
Page 34 and 35: Implement the Pure Java Agent API5.
Page 36 and 37: Connection to a Policy Server■■
Page 38 and 39: User Access to Resources5. Audit ca
Page 40 and 41: Java Agent API ServicesJava Agent A
Page 44 and 45: Tunnel ServicesTunnel ServicesTunne
Page 46 and 47: Single Sign-on4. Custom agent creat
Page 48 and 49: Server ClustersAdvantages of Sessio
Page 50 and 51: Server ClustersCluster failover occ
Page 52 and 53: Agent TypeAgent TypeThe Agent Type
Page 54 and 55: About Policy ManagementAbout Policy
Page 56 and 57: Policy Store Objects■■■■■
Page 58 and 59: Write a Policy Management Applicati
Page 60 and 61: Agent Configuration Object MethodsA
Page 62 and 63: General Object MethodsMethoddeleteD
Page 64 and 65: ODBC Query Scheme MethodsODBC Query
Page 66 and 67: Realm MethodsMethoddoImport()Descri
Page 68 and 69: Self-Registration MethodsSelf-Regis
Page 70 and 71: Utility MethodsMethodgetUserPolicie
Page 72 and 73: Retrieve Objects from the Policy St
Page 74 and 75: Authentication Scheme Configuration
Page 81: individuals might increase their in
Page 92 and 93:
Authentication Scheme Configuration
Page 94 and 95:
Page 96 and 97:
Page 98 and 99:
Page 100 and 101:
Page 102 and 103:
Page 104 and 105:
Page 106 and 107:
Page 108 and 109:
Page 110 and 111:
Page 113 and 114:
Chapter 5: Authentication andAuthor
Page 115 and 116:
Shared InformationShared Informatio
Page 117 and 118:
Create a Custom Authentication Sche
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Use the Authorization API8. After t
Page 129 and 130:
Use the Authorization APIInterpret
Page 131 and 132:
Use the Authorization APIOther Clas
Page 133 and 134:
Use the Authorization APIActive Rul
Page 135 and 136:
Use the Authorization APITo modify
Page 137:
Use the Authorization API■■To e
Page 140 and 141:
The Required JAR File■■Adding a
Page 142 and 143:
Attribute-based DelegationAttribute
Page 144 and 145:
Implementation Class■SiteMinder a
Page 146 and 147:
Search ClassThe objects correspondi
Page 148 and 149:
Write a Directory Management Applic
Page 150 and 151:
Page 152 and 153:
Page 154 and 155:
Page 156 and 157:
Page 158 and 159:
SearchesSet Search Parameters When
Page 160 and 161:
SearchesSet the Search FilterThe se
Page 162 and 163:
SearchesSearch an OrganizationIn th
Page 164 and 165:
User Password StateThe following co
Page 166 and 167:
Restricted Methods■■SmDmsUser.a
Page 168 and 169:
Restricted MethodsMethodsearchForwa
Page 170 and 171:
Authentication Scheme Dialog • 11
Page 172 and 173:
getDmsContext() • 144, 166getDmsD
Page 174 and 175:
organizations in flat directories
Page 176 and 177:
SmApiResult class • 27SmApiSessio
show all

CA eTrust SiteMinder Developer's Guide for Java

Create successful ePaper yourself

Delete template?

Save as template?